Getting Data In

Thread Info

How to configure Splunk to only index data from a database from the last 30 days?

I have a database that stores proxy info which I want to index. The problem is that there is way too much data and I ...

by Path Finder in

Why does splunk think it can't parse my timestamp

I am seeing some odd behavior. My setup is this: Splunk 6.3.1 Enterprise, 1 search head, 4 indexers, 1 forwarder Plus...

by Contributor in

How to search duration using two timestamps?

Hi, We need to find duration between timestamps and the format looks like below. max_time=1461593558.000 min _...

by Path Finder in

Why can't Splunk index my entire log file?

I am trying to index a somewhat long log file (about 38805 bytes according to the tailing processor). This log file c...

by Path Finder in

Monitoring directory loaded with LFTP Mirror causes reindexing. How should I solve this?

I'm using Splunk 6.3.2 with a simple monitor stanza in inputs.conf that watches all the *.txt files in a particular d...

by Explorer in

How to configure a heavy forwarder to filter out the ending string from Windows security event logs?

Hello guys I'm trying to drop the end of all Security events: This event is generated when a logon session is c...

by Path Finder in

Splunk Reindexes File that gets a new first line when closed

Hello, My problem is simple to explain: I have an app that generates logs that are written whenever a new action i...

by Path Finder in

Why are IIS logs not being indexed from Windows Share?

I have a universal forwarder (6.3.3 x64) installed on Windows Server 2012 R2 that is supposed to index IIS logs that ...

by New Member in

How to split a TCP input on STX/ETX (0x02/0x03), no line breaks, into separate events?

Hello, I'm trying to accept TCP input from a device which wraps each transmission into STX/ETX pair (ASCII 002/003), ...

by Builder in

get source files not updated in last 1 hour

I want to get source files not updated in last 1 hour in specific host. Like in host java123 there are 2 logs /logs/a...

by New Member in

Hourly CPU spike on indexers

Hey, Is there some internal scheduled event on an indexer than runs every hour? We're seeing our average CPU go fr...

by Path Finder in

Why is the Splunk Python SDK not returning formatted numbers in the JSON response?

Splunk Python SDK does not return formatted numbers in the JSON response. Example: |eval var1=tonumber(var2)| t...

by Motivator in

universal forwarder on windows: installation directory must be on a local hard drive

I've installed the universal forwarder on two of my domain controllers without issue. For some reason, on the rema...

by New Member in

Can I alias "host" and "source" fields from incoming logs so they don't interfere with Splunk's built-in fields?

Splunk inherently has host and source fields to log the host (forwarder) and source (log file) for each event. Howeve...

by Builder in

setup.xml: still magic for beginners - how can I realize an "I agree" confirmation?

we have two problems with setting up a setup.xml file: 1) actually we want to use the setup.xml file to just infor...

by Explorer in

Is there a parser that will convert Windows SDDL or ACE format strings into human readable content?

Hi, Is anyone aware of an existing parser that will convert windows SDDL format or ACE format strings into human r...

by Super Champion in

What is the endpoint to access splunk-launch.conf via REST API?

I am trying to access splunk-launch.conf from REST API. I've been through the REST API documentation and still can't ...

by Communicator in

How can I create a Dashboard to display only those domain User Accounts for which the contents of a specific AD attribute has changed?

Specifically, if an AD user account attribute "employeeType" changes from "NULL" to "Contractor", how can I detect/fi...

by Path Finder in

How to configure props.conf for a Unix timestamp in a JSON log file?

All, I have a json log file we're bringing in. Its time is logged as: "start":"1461191869.576” Any ide...

by Builder in

Why am I unable to delete Splunk from an Ubuntu server?

I tried deleting Splunk completely from the Ubuntu server. I'm able to delete the splunk_home directory, but when I r...

by New Member in

REST api no results from sid

Splunk 6.1.0 (build 206881) Mac OSX input: curl -u admin:splunker -k https://localhost:8089/services/search/jobs -...

by Path Finder in

How to configure inputs.conf to monitor files which get created automatically after reaching a certain size?

I have file called console.log. When its size reaches to 512MB, another file gets created with the name console_serve...

by New Member in

I configured inputs.conf in Splunk free to monitor different app log files, but why am I unable to view the data in Splunk Web?

HI, I am new to Splunk. Apologies if the same question was asked earlier. I am posting here as I couldn't find th...

by New Member in

How can I use a unixtimestamp as a timerange filter like with earliest & latest in the first pipe?

Hi, my events have a field with epochtime which I want to use in the very first pipe to filter the search Of cours...

by Motivator in

Change tag permission via REST API (cURL)

I have a curl statement which is sent to the rest api of my search head to add some tags based upon some criteria, af...

by Communicator in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Getting Data In

Discussions

How to configure Splunk to only index data from a database from the last 30 days?

Why does splunk think it can't parse my timestamp

How to search duration using two timestamps?

Why can't Splunk index my entire log file?

Monitoring directory loaded with LFTP Mirror causes reindexing. How should I solve this?

How to configure a heavy forwarder to filter out the ending string from Windows security event logs?

Splunk Reindexes File that gets a new first line when closed

Why are IIS logs not being indexed from Windows Share?

How to split a TCP input on STX/ETX (0x02/0x03), no line breaks, into separate events?

get source files not updated in last 1 hour

Hourly CPU spike on indexers

Why is the Splunk Python SDK not returning formatted numbers in the JSON response?

universal forwarder on windows: installation directory must be on a local hard drive

Can I alias "host" and "source" fields from incoming logs so they don't interfere with Splunk's built-in fields?

setup.xml: still magic for beginners - how can I realize an "I agree" confirmation?

Is there a parser that will convert Windows SDDL or ACE format strings into human readable content?

What is the endpoint to access splunk-launch.conf via REST API?

How can I create a Dashboard to display only those domain User Accounts for which the contents of a specific AD attribute has changed?

How to configure props.conf for a Unix timestamp in a JSON log file?

Why am I unable to delete Splunk from an Ubuntu server?

REST api no results from sid

How to configure inputs.conf to monitor files which get created automatically after reaching a certain size?

I configured inputs.conf in Splunk free to monitor different app log files, but why am I unable to view the data in Splunk Web?

How can I use a unixtimestamp as a timerange filter like with earliest & latest in the first pipe?

Change tag permission via REST API (cURL)

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Splunk Answers Content Calendar May 2025 🎉

Solaris UFs have different build hash than others

Edge Processor Destination not showing up in Pipel...

ERROR: Tor IP are not updating in lookup

How to integrate SentinelOne Singularity Enterpris...

Getting Data In

Are you a member of the Splunk Community?

Discussions